this post was submitted on 25 Oct 2024
220 points (98.7% liked)

Open Source

31184 readers
249 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
Cloak@lemmy.ml
kevincox@lemmy.ml
CrypticCoffee@lemmy.ml
Lettuceeatlettuce@lemmy.ml
220
Bitwarden update: sdk-internal now GPL, sdk/sdk-secrets to remain proprietary but not used in clients (github.com)
submitted 2 weeks ago by Atemu@lemmy.ml to c/opensource@lemmy.ml
37 comments fedilink hide all child comments
 

@brjsp thanks again for submitting the concern here. We have made some adjustments to how the SDK code is organized and packaged to allow you to build and run the app with only GPL/OSI licenses included. The sdk-internal package references in the clients now come from a new sdk-internal repository, which follows the licensing model we have historically used for all of our clients (see LICENSE_FAQ.md for more info). The sdk-internal reference only uses GPL licenses at this time. If the reference were to include Bitwarden License code in the future, we will provide a way to produce multiple build variants of the client, similar to what we do with web vault client builds.

The original sdk repository will be renamed to sdk-secrets, and retains its existing Bitwarden SDK License structure for our Secrets Manager business products. The sdk-secrets repository and packages will no longer be referenced from the client apps, since that code is not used there.

This appears at least okay on the surface. The clients' dependency on sdk-internal didn't change but that's okay now because they have licensed sdk-internal as GPL.

The sdk-secret will remain proprietary but that's a separate product (Secrets Manager) and will apparently not be used in the regular clients. Who knows for how long though because, if you read carefully, they didn't promise that it will not be used in the future.

The fact that they had ever intended to make parts of the client proprietary without telling anyone and attempted to subvert the GPL while doing so still remains utterly unacceptable. They didn't even attempt to apologise for that.

Bitwarden has now landed itself in the category of software that I would rather move away from and cannot wholeheartedly recommend anymore. That's pretty sad.

you are viewing a single comment's thread
view the rest of the comments
[–] JustMarkov@lemmy.ml 15 points 2 weeks ago (1 children)

Nah, I've switched to KeePassXC already. I've never been happier.

[–] MoonlightFox@lemmy.world 2 points 2 weeks ago (3 children)

Does it work well from a user experience standpoint? I am considering switching from my current provider to KeePass XC. Usability is important, I also need to share some passwords with my SO. She is good with technology and computers, but not a dev.

[–] KLISHDFSDF@lemmy.ml 3 points 2 weeks ago

Check out Proton Pass. I migrated my Bitwarden to it and its not just fast compared to Bitwarden but the UX is really nice. That said, I'm still sticking with Bitwarden, but will happily move away and give my money to Proton if they ever actually stop making their client open source.

[–] JustMarkov@lemmy.ml 2 points 2 weeks ago

Yes, it does works well, but has its caveats. You have to set up your own sync, either using a Syncthing or any other 3rd party app as KeePassXC does not have any sync option built in. KeePassDX has a good article about syncing a database.

[–] griefstricken@lemmy.ml 1 points 2 weeks ago

It absolutely rules for all kinds of info you don't want laying around loose on a device. The sync issues others have mentioned are just a result of it giving you more control over file management. I don't even sync I just use an SD card